The penetration testing team has been discussed at length, and in this article I want to say a little more about the penetration tester itself. The pen test itself is what is called a white-box vulnerability, and so any vulnerabilities discovered within the process need to be classified as such. A pen test doesn’t care what the payload looks like, or whether it’s a remote control program or perhaps some other “cutting edge” programming language that the attacker used in combination with the payload. For the purposes of this discussion we’ll stick to x86. The vulnerability is found by the various x86 checks which are executed within the context of the executable code during the execution of the vulnerability.
As previously mentioned, for the purposes of this article, the term “penetration testing” will mean anything which submits x86 code to the Address Space Modifier of an ARM device or a MIPS machine. One of the most common methods used by penetration testers is called “xenload”. It involves the use of an x86-based executable which has dynamic library loading disabled – in other words, it has no pre-loads or any sort of dynamic memory injection attacks associated with it.
Another common method used by penetration testers is called “xoer”. This is an x86 fuzzing tool, which means that the tester will search randomly for vulnerable code and then trigger an “exe” to execute it. Of course, one would think that an “expert” would know not to do that. In actuality, many experienced hackers use these tools because the static analyzers commonly available don’t catch most of the bugs in today’s executable code, and so more testers can just trigger the “exe” to “do something” in the background.
When discussing the two different kinds of pen-testing techniques, we need to talk about the first base technologies. For one, both techniques rely on generating fuzz to fuzz. However, whereas fuzzing is typically done through glibc/ncurses (although it is also possible to use other languages), pen testing relies on triggering an executable application. So, when looking for a good pen test technique to use, keep this fact in mind: you only want to find a program that works with your platform. Microsoft Windows, Linux, Mac OS X… Each system has its own “fuzzing” protocols, so if you’re using Linux or Mac OS X, then you’ll need to find a Linux/Mac compatible fuzzing utility. Of course, even Linux and Mac OS X have their own second base technologies.
The automated testing techniques rely on a set of rules. First, the developers write a “control” script, or “bot”, to automate the testing process. Usually, these bot scripts are written in Java or C++, and they perform all of the complex tasks automatically. Second, the automated software will perform a series of random trials, “redial” calls, and “acle” attacks (the automated attacks used in the payload) in order to collect the important information that the testers will need. Lastly, the automated software will analyze the “control” data and reveal any problems that might affect the validation of the software.
The disadvantages of automated tools for social engineering are simple: they are slow, expensive, and often inaccurate. On the other hand, if you choose good pen testers, they can work miracles. These guys have made their careers building complicated programs which perform incredibly difficult tasks, and they’re often able to find flaws in the software of large corporations, government agencies, and hackers themselves! When you combine their expertise with a reliable, open source tool, you have the perfect combination for automated social engineering testing.
It’s critical to use only open source software for penetration testing. By doing this, you will be sure that your efforts are 100% effective. If a testing company uses proprietary software for its tests, then you’ll never be sure of its integrity or ability to find vulnerabilities, because you have no way of verifying whether or not it has done the job. Plus, proprietary testing tools don’t make it easy for penetration testers, because they force them to use specific, expensive programming languages. This can be both a time and money drain on the tester.
So, what is the best way to find the best penetration testing tools? It’s simple: ask other security professionals! There are several active security professionals out there who deal with exactly the same problems as you, and they’ll be glad to help you out by pointing you in the right direction. If you work with one of these experts, then you’ll never have to worry about whether or not your efforts were effective, and you can concentrate on building up your team instead of working so hard to find penetrations that weren’t there in the first place.